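/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.op;


import java.net.URI;
import java.util.Collections;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

import net.minidev.json.JSONObject;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.as.AuthorizationServerEndpointMetadata;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;


/**
 * OpenID Provider (OP) endpoint metadata.
 *
 * <p>Extends the OAuth 2.0 authorisation server endpoint metadata with the
 * three OpenID Connect specific endpoints ({@code userinfo_endpoint},
 * {@code check_session_iframe} and {@code end_session_endpoint}). Instances
 * are mutable and perform no synchronisation; confine an instance to one
 * thread or publish it safely.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>OAuth 2.0 Device Flow for Browserless and Input Constrained Devices
 *         (draft-ietf-oauth-device-flow-14)
 *     <li>OpenID Connect Discovery 1.0, section 3.
 *     <li>OpenID Connect Session Management 1.0, section 2.1 (draft 28).
 *     <li>OpenID Connect Front-Channel Logout 1.0, section 3 (draft 02).
 *     <li>OpenID Connect Back-Channel Logout 1.0, section 2.1 (draft 07).
 *     <li>OpenID Connect Federation 1.0 (draft 22).
 * </ul>
 */
public class OIDCProviderEndpointMetadata extends AuthorizationServerEndpointMetadata implements ReadOnlyOIDCProviderEndpointMetadata {


	/**
	 * The registered parameter names: the OAuth 2.0 authorisation server
	 * endpoint names plus the three OpenID Connect endpoint names.
	 */
	private static final Set<String> REGISTERED_PARAMETER_NAMES;


	static {
		// Start from the superclass set and add the OIDC-specific names;
		// the superclass set is not modified.
		Set<String> p = new HashSet<>(AuthorizationServerEndpointMetadata.getRegisteredParameterNames());
		p.add("userinfo_endpoint");
		p.add("check_session_iframe");
		p.add("end_session_endpoint");
		REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(p);
	}


	/**
	 * Gets the registered provider metadata parameter names for endpoints.
	 *
	 * @return The registered provider metadata parameter names for the
	 *         endpoints, as an unmodifiable set.
	 */
	public static Set<String> getRegisteredParameterNames() {

		return REGISTERED_PARAMETER_NAMES;
	}


	/**
	 * The UserInfo endpoint, {@code null} if not specified.
	 */
	private URI userInfoEndpoint;


	/**
	 * The cross-origin check session iframe, {@code null} if not specified.
	 */
	private URI checkSessionIframe;


	/**
	 * The logout endpoint, {@code null} if not specified.
	 */
	private URI endSessionEndpoint;


	/**
	 * Creates a new OpenID Connect provider endpoint metadata instance
	 * with all endpoints unspecified ({@code null}).
	 */
	public OIDCProviderEndpointMetadata() {
	}


	/**
	 * Converts an authorization server endpoint metadata to an OpenID
	 * Connect provider endpoint metadata instance. The OAuth 2.0 endpoint
	 * URIs are copied; the OpenID Connect specific endpoints are left
	 * unspecified ({@code null}).
	 *
	 * @param endpointMetadata The authorisation server endpoint metadata
	 *                         to copy. Must not be {@code null}.
	 *
	 * @throws NullPointerException If the endpoint metadata is
	 *                              {@code null}.
	 */
	public OIDCProviderEndpointMetadata(final AuthorizationServerEndpointMetadata endpointMetadata) {

		Objects.requireNonNull(endpointMetadata, "endpointMetadata");

		setAuthorizationEndpointURI(endpointMetadata.getAuthorizationEndpointURI());
		setTokenEndpointURI(endpointMetadata.getTokenEndpointURI());
		setRegistrationEndpointURI(endpointMetadata.getRegistrationEndpointURI());
		setIntrospectionEndpointURI(endpointMetadata.getIntrospectionEndpointURI());
		setRevocationEndpointURI(endpointMetadata.getRevocationEndpointURI());
		setDeviceAuthorizationEndpointURI(endpointMetadata.getDeviceAuthorizationEndpointURI());
		setBackChannelAuthenticationEndpointURI(endpointMetadata.getBackChannelAuthenticationEndpointURI());
		setPushedAuthorizationRequestEndpointURI(endpointMetadata.getPushedAuthorizationRequestEndpointURI());
		setRequestObjectEndpoint(endpointMetadata.getRequestObjectEndpoint());
		setFederationRegistrationEndpointURI(endpointMetadata.getFederationRegistrationEndpointURI());
	}


	@Override
	public URI getUserInfoEndpointURI() {
		return userInfoEndpoint;
	}


	/**
	 * Sets the UserInfo endpoint URI. Corresponds to the
	 * {@code userinfo_endpoint} metadata field.
	 *
	 * @param userInfoEndpoint The UserInfo endpoint URI, {@code null} if
	 *                         not specified.
	 */
	public void setUserInfoEndpointURI(final URI userInfoEndpoint) {
		this.userInfoEndpoint = userInfoEndpoint;
	}


	@Override
	public URI getCheckSessionIframeURI() {
		return checkSessionIframe;
	}


	/**
	 * Sets the cross-origin check session iframe URI. Corresponds to the
	 * {@code check_session_iframe} metadata field.
	 *
	 * @param checkSessionIframe The check session iframe URI, {@code null}
	 *                           if not specified.
	 */
	public void setCheckSessionIframeURI(final URI checkSessionIframe) {
		this.checkSessionIframe = checkSessionIframe;
	}


	@Override
	public URI getEndSessionEndpointURI() {
		return endSessionEndpoint;
	}


	/**
	 * Sets the logout endpoint URI. Corresponds to the
	 * {@code end_session_endpoint} metadata field.
	 *
	 * @param endSessionEndpoint The logout endpoint URI, {@code null} if
	 *                           not specified.
	 */
	public void setEndSessionEndpointURI(final URI endSessionEndpoint) {
		this.endSessionEndpoint = endSessionEndpoint;
	}


	/**
	 * Returns the JSON object representation of this endpoint metadata.
	 * The superclass output is extended with the OpenID Connect specific
	 * endpoints; unspecified ({@code null}) endpoints are omitted rather
	 * than emitted as explicit JSON nulls.
	 *
	 * @return The JSON object representation.
	 */
	@Override
	public JSONObject toJSONObject() {

		JSONObject o = super.toJSONObject();

		if (getUserInfoEndpointURI() != null)
			o.put("userinfo_endpoint", getUserInfoEndpointURI().toString());

		if (getCheckSessionIframeURI() != null)
			o.put("check_session_iframe", getCheckSessionIframeURI().toString());

		if (getEndSessionEndpointURI() != null)
			o.put("end_session_endpoint", getEndSessionEndpointURI().toString());

		return o;
	}


	/**
	 * Parses an OpenID Provider endpoint metadata from the specified JSON
	 * object. The shared OAuth 2.0 endpoints are parsed by
	 * {@link AuthorizationServerEndpointMetadata#parse}; the
	 * {@code userinfo_endpoint}, {@code check_session_iframe} and
	 * {@code end_session_endpoint} fields are optional.
	 *
	 * <p>NOTE(review): the endpoint URIs are stored as parsed; no scheme
	 * or host check is visible in this class. A discovery document
	 * fetched from the network is untrusted input, so confirm where the
	 * consuming code validates the URIs (for example requires HTTPS)
	 * before following them.
	 *
	 * @param jsonObject The JSON object to parse. Must not be
	 *                   {@code null}.
	 *
	 * @return The OpenID Provider endpoint metadata.
	 *
	 * @throws ParseException If the JSON object couldn't be parsed to an
	 *                        OpenID Provider endpoint metadata.
	 */
	public static OIDCProviderEndpointMetadata parse(final JSONObject jsonObject)
		throws ParseException {

		// The OAuth 2.0 parser handles the shared endpoints; any
		// ParseException it raises propagates unchanged.
		AuthorizationServerEndpointMetadata as = AuthorizationServerEndpointMetadata.parse(jsonObject);

		// Copy the shared endpoints through the converting constructor
		// instead of repeating the field-by-field copy here.
		OIDCProviderEndpointMetadata op = new OIDCProviderEndpointMetadata(as);

		// The third argument is the default for an absent field, so a
		// missing OIDC endpoint leaves the corresponding URI null.
		op.setUserInfoEndpointURI(JSONObjectUtils.getURI(jsonObject, "userinfo_endpoint", null));
		op.setCheckSessionIframeURI(JSONObjectUtils.getURI(jsonObject, "check_session_iframe", null));
		op.setEndSessionEndpointURI(JSONObjectUtils.getURI(jsonObject, "end_session_endpoint", null));

		return op;
	}
}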